| server { |
| listen 80; |
| listen [::]:80; |
| |
| return 301 https://$host$request_uri; |
| } |
| |
| server { |
| listen 443 ssl; |
| listen [::]:443 ssl; |
| |
| server_name id.miau.local; |
| |
| root /var/www/html; |
| location / { |
| index index.php index.html; |
| } |
| location ~ \.php$ { |
| include fastcgi_params; |
| fastcgi_pass simpleid:9000; |
| fastcgi_index index.php; |
| fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; |
| } |
| } |
| |
| server { |
| listen 443 ssl default_server; |
| listen [::]:443 ssl default_server; |
| ssl_certificate /etc/ssl/certs/sa-selfsigned.crt; |
| ssl_certificate_key /etc/ssl/private/sa-selfsigned.key; |
| ssl_protocols TLSv1.3; |
| ssl_prefer_server_ciphers on; |
| #ssl_dhparam /etc/nginx/dhparam.pem; |
| ssl_ciphers EECDH+AESGCM:EDH+AESGCM; |
| ssl_ecdh_curve secp384r1; |
| ssl_session_timeout 10m; |
| ssl_session_cache shared:SSL:10m; |
| ssl_session_tickets off; |
| ssl_stapling on; |
| ssl_stapling_verify on; |
| resolver 8.8.8.8 8.8.4.4 valid=300s; |
| resolver_timeout 5s; |
| # Disable strict transport security for now. You can uncomment the following |
| # line if you understand the implications. |
| #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; |
| add_header X-Frame-Options DENY; |
| add_header X-Content-Type-Options nosniff; |
| add_header X-XSS-Protection "1; mode=block"; |
| |
| server_name review.miau.local; |
| |
| location / { |
| proxy_pass http://gerrit:8080; |
| proxy_set_header X-Forwarded-For $remote_addr; |
| proxy_set_header Host $host; |
| } |
| } |